NFS enables several hosts to share files over the network. Under the NFS service, a server holds the data and resources for several clients. The clients have access to the file systems that the server shares with the clients. Users who are logged in to the client machines can access the file systems by mounting the file systems from the server. To the user on the client machine, it appears as if the files are local to the client. One of the most common uses of NFS allows systems to be installed in offices, while keeping all user files in a central location. Some features of the NFS service, such as the mount -nosuid option, can be used to prohibit the opening of devices and file systems by unauthorized users.
The NFS service uses Secure RPC to authenticate users who make requests over the network. This process is known as Secure NFS. The authentication mechanism, AUTH_DH, uses DES encryption with Diffie-Hellman authentication to ensure authorized access. The AUTH_DH mechanism has also been called
For how to set up and administer Secure NFS, see “Administering the Secure NFS System” in System Administration Guide: Resource Management and Network Services.
For how to set up the NIS+ tables and enter names in the cred table, see System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).
For an outline of the steps that are involved in RPC authentication, see Implementation of Diffie-Hellman Authentication.
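The following check is an added example, not part of the original guide: it reads a mount table and reports NFS mounts that lack the nosuid option or that do not use Secure NFS (AUTH_DH). It assumes the tab-separated mnttab(4) layout (special, mount point, fstype, options, time), that Secure NFS mounts list `sec=dh` in their options, and that a mount with no `sec=` entry uses AUTH_SYS; the host names and paths in the sample are constructed.

```shell
#!/bin/sh
# Added example: flag NFS mounts that lack nosuid or Secure NFS (sec=dh).
# Assumed input: mnttab(4)-style lines, tab-separated:
#   special  mount_point  fstype  options  time

audit_nfs_mounts() {
    awk -F'\t' '
    $3 == "nfs" {
        n = split($4, opt, ",")
        nosuid = 0
        sec = "sys"    # assumption: AUTH_SYS applies when no sec= option is listed
        for (i = 1; i <= n; i++) {
            if (opt[i] == "nosuid") nosuid = 1
            else if (opt[i] ~ /^sec=/) sec = substr(opt[i], 5)
        }
        # One finding per line: mount point, remote resource, reason
        if (!nosuid)     printf "%s\t%s\tmissing nosuid\n", $2, $1
        if (sec != "dh") printf "%s\t%s\tsec=%s (not AUTH_DH)\n", $2, $1, sec
    }'
}

# Constructed sample data (hypothetical hosts and paths), not from a real system.
sample_mnttab() {
    printf 'server1:/export/home\t/home\tnfs\trw,nosuid,sec=dh,xattr\t1700000000\n'
    printf 'server1:/export/tools\t/opt/tools\tnfs\tro,sec=dh\t1700000001\n'
    printf 'server2:/export/scratch\t/scratch\tnfs\trw,nosuid\t1700000002\n'
    printf 'server2:/export/pub\t/pub\tnfs\tro,nosuid,sec=sys\t1700000003\n'
    printf '/dev/dsk/c0t0d0s0\t/\tufs\trw,suid\t1700000004\n'
}

# Run against the sample; on a client, feed the real table instead:
#   audit_nfs_mounts < /etc/mnttab
sample_mnttab | audit_nfs_mounts
```

Only `/home` passes both checks in the sample; the non-NFS root file system is ignored.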